Microsoft Office, Windows, .NET Framework, and Silverlight combined security update
Report ID: MS201205006
Date Published: 9 May 2012
Criticality: Critical
Compromise Type: remote-code-execution denial-of-service privilege-escalation
Compromise From: remote local-system
Affected Product/Component:
Windows XP
Windows Server 2003
Windows Vista
Windows Server 2008
Windows 7
Microsoft Server 2008 R2
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4
Microsoft Office 2003
Microsoft Office 2007
Microsoft Office 2010
Microsoft Silverlight 4
Microsoft Silverlight 5
Summary
A combined security update for Microsoft Office, Windows, .NET Framework, and Silverlight has been released to address multiple vulnerabilities that could lead to remote code execution, denial of service, or escalation of privilege.
Detailed Description
Microsoft has released a combined security update to resolve multiple vulnerabilities reported in Microsoft Office, Windows, .NET Framework, and Silverlight.
Six remote code execution vulnerabilities were reported in those products: two involve TrueType font files, one involves .NET Framework, two involve Office GDI+, and one involves Silverlight.
There is one denial of service vulnerability in .NET Framework. It was caused by an improper comparison of the value of an index within a Windows Presentation Foundation (WPF) application.
Finally, there are three escalation of privilege vulnerabilities that could allow an attacker to execute code in kernel mode. To exploit these three vulnerabilities, the attacker must first log on to the local system and run a specially crafted application.
All of these vulnerabilities are resolved by the combined security update, which makes the necessary changes to the vulnerable components. Users are advised to install this update as protection against potential exploitation attempts.
CVE Reference
CVE-2011-3402
CVE-2012-0159
CVE-2012-0162
CVE-2012-0164
CVE-2012-0165
CVE-2012-0167
CVE-2012-0176
CVE-2012-0180
CVE-2012-0181
CVE-2012-0848
Solution
Install the latest security patch for the applicable system, available for download from https://technet.microsoft.com/en-us/security/bulletin/ms12-034




